WORKFLOW. MODELING, VERIFICATION, SECURITY

Spring 2017

Dr. Vasile AlaibaDistributed Systems | Information Security

Faculty of Computer Science“Alexandru Ioan Cuza” University, Iași, România

BUSINESS PROCESS MODEL AND NOTATION – BPMN 2.0

The main reference is the standard. It can be downloaded at: http://www.omg.org/spec/BPMN/

For a good introduction of what use cases the BPMN standard addresses, read Chapter 7 Overview of the specification (p. 19-45).

Some definitions and essential concepts are extracted from the standard and presented here in the next several slides.

However, this is not a comprehensive presentation of BPMN. For a deeper understanding always consult the standard.

TYPES OF MODELING

1. Processes (Orchestration), including: Private non-executable (internal) Business Processes

Private executable (internal) Business Processes

Public Processes

2. Choreographies

3. Collaborations, which can include Processes and/or Choreographies A view of Conversations

PRIVATE (INTERNAL) BUSINESS PROCESSES

Private Business Processes are those internal to a specific organization. Also called Workflow, BPM Processes or, in the context of SOA, orchestration of services.

An executable Process is a Process that has been modeled for the purpose of being executed.

A non-executable Process is a private Process that has been modeled for the purpose of documenting Process behavior.

If a swimlanes-like notation is used then a private Business Process will be contained within a single Pool. The Process flow is therefore contained within the Pool and cannot cross the boundaries of the Pool. The flow of Messages can cross the Pool boundary to show the interactions that exist between separate private Business Processes.

EXAMPLE OF A PRIVATE PROCESS

PUBLIC PROCESSES

A public Process represents the interactions between a private Business Process and another Process or Participant.

Only those Activities that are used to communicate to the other Participant(s) are included in the public Process.

All other “internal” Activities of the private Business Process are not shown in the public Process.

Thus, the public Process shows to the outside world the Message Flows and the order of those Message Flows that are needed to interact with that Process.

EXAMPLE OF A PUBLIC PROCESS

COLLABORATIONS

A Collaboration depicts the interactions between two or more business entities.

A Collaboration usually contains two or more Pools, representing the Participants in the Collaboration. The Message exchange between the Participants is shown by a Message Flow that connects two Pools (or the objects within the Pools).

The Messages associated with the Message Flows can also be shown.

With a public Process, the Activities for the Collaboration participants can be considered the “touch-points” between the participants. The corresponding internal (executable) Processes are likely to have much more Activity and detail than what is shown in the public Processes.

A Pool MAY be empty, a “black box.”

EXAMPLE OF A COLLABORATIVE PROCESS

CHOREOGRAPHIES

A self-contained Choreography (no Pools or Orchestration) is a definition of the expected behavior, basically a procedural contract, between interacting Participants.

While a normal Process exists within a Pool, a Choreography exists between Pools (or Participants).

The Choreography looks similar to a private Business Process since it consists of a network of Activities, Events, and Gateways. However, a Choreography is different in that the Activities are interactions that represent a set (1 or more) of Message exchanges, which involves two or more Participants.

In addition, unlike a normal Process, there is no central controller, responsible entity, or observer of the Process.

EXAMPLE OF A CHOREOGRAPHY

CONVERSATIONS

The Conversation diagram is a particular usage of and an informal description of a Collaboration diagram.

However, the Pools of a Conversation usually do not contain a Process and a Choreography is usually not placed in between the Pools of a Conversation diagram.

A Conversation is the logical relation of Message exchanges. The logical relation, in practice, often concerns a business object(s) of interest, e.g., “Order,” “Shipment and Delivery,” or “Invoice.”

EXAMPLE OF A CONVERSATION DIAGRAM

FROM MODELING TO AUTOMATION

Not any BPMN diagram can or should be executable.

For automation, we will focus only on private executable internal business processes.

Additionally, some extensions are available depending on the implementation platform (e.g. in Activiti, the form properties), and some functionality will be missing (e.g. in Activiti, conditional start events are not implemented).

NONE START EVENT

A none start event technically means that the trigger for starting the process instance is unspecified. This means that the engine cannot anticipate when the process instance must be started.

A form can be associated with the none start event. If form properties are defined, Activiti will display the form as part of the interface to start a process.

Documentation: https://www.activiti.org/userguide/index.html?_ga=1.187815208.1291034772.148797704

9#bpmnNoneStartEvent

SEQUENCE FLOW

A sequence flow is the connector between two elements of a process. After an element is visited during process execution, all outgoing sequence flow will be followed.

This means that the default nature of BPMN 2.0 is to be parallel: two outgoing sequence flow will create two separate, parallel paths of execution.

Documentation: https://www.activiti.org/userguide/index.html?_ga=1.187815208.1291034772.148797704

9#bpmnSequenceFlow

USER TASK

A user task is used to model work that needs to be done by a human actor. When the process execution arrives at such a user task, a new task is created in the task list of the user(s) or group(s) assigned to that task.

The task will not be executed unless it has resources assigned by the assignments property: Asignee – asign a single user

Candidate users – the task will appear to all the users in the list

Candidate groups – the task will appear to all the users part of the groups in the list

Documentation https://www.activiti.org/userguide/index.html?_ga=1.187815208.1291034772.148797704

9#bpmnUserTask

ACTIVITI FORM PROPERTIES

Form properties can be set on some elements such as user tasks or none start events.

A form property has some attributes: id = unique identifier in the scope of the form

type = can be string, long, enum, date or boolean

name = the label that will be displayed in the form

expression = a Java UEL expression to be used as initial value

variable = the name of the variable that will store the value in the process context

Documentation: https://www.activiti.org/userguide/index.html?_ga=1.187815208.1291034772.148797704

9#formProperties

IDENTITY MANAGEMENT

Activiti has its own identity management component that can be used from within Activiti Explorer or programatically.

In Activiti Explorer, go to Manage, then: Users – manage individual accounts

Groups – manage roles

Roles can be either: security roles: admin, user

assignment roles: engineering, management, marketing, sales

SCRIPT TASK

A script task is an automatic activity. When a process execution arrives at the script task, the corresponding script is executed.

The task has a property called script format. Possible options that ship with Activiti are groovy and JavaScript, but any JSR-223 scripting language can be used.

Actual code to be executed is passed to the script element.

In order to make changes to variables persistent you must call: execution.setVariable(“name”, value)

Documentation: https://www.activiti.org/userguide/index.html?_ga=1.187815208.1291034772.148797704

9#bpmnScriptTask

PARALLEL GATEWAY

The functionality of the parallel gateway is based on the incoming and outgoing sequence flow: fork: all outgoing sequence flow are followed in parallel, creating one concurrent execution for each

sequence flow.

join: all concurrent executions arriving at the parallel gateway wait in the gateway until an execution has arrived for each of the incoming sequence flow. Then the process continues past the joining gateway.

Note that a parallel gateway can have both fork and join behavior, if there are multiple incoming and outgoing sequence flow for the same parallel gateway. In that case, the gateway will first join all incoming sequence flow, before splitting into multiple concurrent paths of executions.

If conditions are defined on the sequence flow connected with the parallel gateway, they are simply neglected.

Documentation: https://www.activiti.org/userguide/index.html?_ga=1.187815208.1291034772.1487977049#bpmnParalle

lGateway

EXCLUSIVE GATEWAY (XOR GATEWAY)

An exclusive gateway is used to model a decision in the process. When the execution arrives at this gateway, all outgoing sequence flow are evaluated in the order in which they are defined. The sequence flow which condition evaluates to true (or which doesn’t have a condition set, conceptually having a 'true' defined on the sequence flow) is selected for continuing the process.

Note that the semantics of outgoing sequence flow is different to that of the general case in BPMN 2.0. In case multiple sequence flow have a condition that evaluates to true, the first one defined in the XML (and only that one!) is selected for continuing the process. If no sequence flow can be selected, an exception will be thrown.

Documentation: https://www.activiti.org/userguide/index.html?_ga=1.187815208.1291034772.148797704

9#bpmnExclusiveGateway

DEFAULT SEQUENCE FLOW

All BPMN 2.0 tasks and gateways can have a default sequence flow. This sequence flow is only selected as the outgoing sequence flow for that activity if and only if none of the other sequence flow could be selected. Conditions on a default sequence flow are always ignored.

Documentation: https://www.activiti.org/userguide/index.html?_ga=1.187815208.1291034772.148797704

9#bpmnDefaultSequenceFlow

NONE END EVENT

A none end event means that the result thrown when the event is reached is unspecified. As such, the engine will not do anything extra besides ending the current path of execution.

Documentation: https://www.activiti.org/userguide/index.html?_ga=1.187815208.1291034772.148797704

9#bpmnNoneEndEvent

LET’S PRACTICE!

Make sure you configured your H2 database to use persistent storage! See Lecture 2 for details on how it’s done.

We’ll build an executable process using the elements introduced until now.

Observe the expression power that we have with only these elements.

Think about what you would like to be modeling this semester and start working on it!